Observations on articles I read to keep current about technology. My interests are: Privacy, security, business, the computer industry, and geeky stuff that catches my eye.

I don't think I have an agenda beyond my own amusement.

Note that I lump all my comments into a single post. This is not a typical BLOG technique; it's just an indication that I'm lazy.

Saturday, December 19, 2015

An update. It's not the DNC's data at issue; it's the Sanders campaign's data that they can't get to. They (all candidates?) store it on the DNC's database because it's cheaper and nothing could possibly go wrong.

… The fracas began on Wednesday morning, with
the crash of a software firewall that is supposed to prevent
campaigns from seeing the voter data compiled by rival candidates.
(All the Democratic presidential campaigns have access to the DNC
data, and can then add their own information and analysis to the
database.) The crash allowed members of Sanders’s staff to view
proprietary voter lists of the Hillary Clinton campaign, including,
according to news
reports on Friday, information
on voters less inclined to support the former secretary of state
in the critical early states of Iowa and New Hampshire.

To punish the Sanders campaign for the breach, the
DNC said the campaign could not have access to the party’s voter
data.

… The
DNC files are filled with public information — no
private information, à la credit card company hacks, would have been
compromised here — that’s been gathered from various secretaries
of state offices across the country. Those files contain names,
addresses, elections voted in, and in some states, date of birth and
gender.

Without access to these files, the Sanders
campaign’s ability to canvass voters in a targeted manner — go to
this house, but not that one — is lost, as are its capabilities to
create a tailor-made phone list to contact voters who are more likely
to #FeelTheBern. It basically means Sanders staffers have to campaign like it’s 1999.

… the campaign could have saved or printed
lists outside the NGP VAN system.

But the long-term effects are alarming enough that the Sanders campaign filed a lawsuit in federal court on Friday seeking to regain access to the DNC’s voter file, saying that the committee was “attempting to undermine” its campaign, and that the organization “continues to hold our data hostage.”

… Campaigns gather information from voters that serves to enrich this file — who a caller says they’ll vote for or whether a landline number is dead are seen as valuable tidbits — and they agree to update the system after the campaign so that future candidates can use it.

But what probably angers Sanders and his people
the most is being locked out of information they’ve collected on
potential Sanders volunteers. If a person whose door is knocked on
says they’d like to volunteer for the campaign, that’s quite a
boon, and the campaign would store that information away in the
system. When staffers were locked out of the NGP VAN system, they
would have lost access to these files, Klaber said.

Does the FBI see China in every hack? Maybe China
is in every hack. Or maybe they have a low threshold for
“sophistication?”

… Juniper on
Thursday said it discovered two security issues that can affect
products or platforms running the ScreenOS software. It released an
emergency security patch, advising customers to update their systems
and apply the patched releases with "the highest priority."
(juni.pr/1msg7WM)

CNN reported that U.S.
officials are concerned because hackers who took advantage of the
flaw could access the network of companies or government agencies
that used the Juniper product.

The breach is believed
to be the work of a foreign government because of the sophistication
involved, U.S. officials told CNN. (cnn.it/1msgmkF)

The opposite of sophistication? Just think of it
as a password you were unlikely to guess. (What do 28 backspaces
spell in Chinese?)

The Simplest Hack: Hitting The Backspace 28 Times Will Break You Into a Linux Computer

Linux may be the operating system of choice for
some computer snobs, but there is apparently one giant flaw in it:
you can break into it really, really, really easily. All you have to
do is hit the backspace key enough times, something on the order of
28.

Wait, what?

Lorenzo
Franceschi-Bicchierai at Motherboard
does a pretty good job unpacking this. Essentially, the backspace
bug causes the system to bring up a Grub rescue shell. From this
shell, hackers have access to all the data on the computer, and can
use it to install malware, delete files, or outright steal them. The
bug was discovered by two researchers at the Cybersecurity Group at
the Polytechnic University of Valencia, and published
on the personal site of researcher Hector Marco.

The researchers indicate that the Grub problem
affects Linux systems from 2009 to the present date, though older
systems may be affected. Already, many major distributions,
including Debian and Ubuntu, have released emergency patches to fix
the problem. So if you're a Linux user and think you might be
affected, either try hitting the backspace key 28 times on the login
screen, or just install the patch and don't chance it.
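The mechanism behind the headline, as an added illustration that is not code from the article or from grub itself: a constructed line editor whose backspace handling decrements an unsigned cursor with no floor check, shown beside the one-line check that closes the hole. All names (read_line, line_result, make_backspaces) are invented for this demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the bug class behind the "28 backspaces" report:
 * a boot-loader line editor keeps its cursor in an unsigned counter and
 * decrements it on backspace without first checking that it is above
 * zero. This is not grub's source; every name here is invented.
 */
typedef struct {
    unsigned cur_len;   /* cursor position when input ended */
    int      oob;       /* 1 if cur_len no longer indexes inside buf */
} line_result;

/*
 * Consume keystrokes from `input` (a constructed stand-in for the
 * keyboard) until newline. floor_check == 0 reproduces the defect,
 * floor_check == 1 applies the one-line fix.
 */
line_result read_line(char *buf, unsigned buf_size,
                      const char *input, int floor_check)
{
    line_result r = { 0, 0 };
    unsigned cur_len = 0;

    for (const char *p = input; *p != '\0' && *p != '\n'; p++) {
        int key = (unsigned char)*p;

        if (key == '\b') {
            if (floor_check) {
                if (cur_len > 0)   /* hardened: never step below zero */
                    cur_len--;
            } else {
                cur_len--;         /* defect: wraps to UINT_MAX at zero */
            }
            continue;
        }

        /*
         * An editor's capacity check looks like `cur_len + 2 < buf_size`.
         * Once cur_len has wrapped, that sum can wrap back under buf_size
         * and the store would land far outside buf. The extra
         * `cur_len < buf_size` clause is a model guard so this demo never
         * performs that store; it is not part of the bug being modelled.
         */
        if (cur_len < buf_size && cur_len + 2 < buf_size)
            buf[cur_len++] = (char)key;
    }

    r.cur_len = cur_len;
    r.oob = (cur_len >= buf_size);

    /* Zero-fill the unused tail, as a line editor would. With a wrapped
     * cur_len both the start pointer and the length are wrong, so the
     * model skips it and reports oob instead of corrupting memory. */
    if (!r.oob)
        memset(buf + cur_len, 0, buf_size - cur_len);
    return r;
}

line_result read_line_vulnerable(const char *input)
{
    char buf[64];
    return read_line(buf, sizeof buf, input, 0);
}

line_result read_line_hardened(const char *input)
{
    char buf[64];
    return read_line(buf, sizeof buf, input, 1);
}

/* Build n backspaces followed by Enter; out must hold n + 2 bytes. */
void make_backspaces(char *out, size_t n)
{
    memset(out, '\b', n);
    out[n] = '\n';
    out[n + 1] = '\0';
}

int main(void)
{
    char keys[64];
    make_backspaces(keys, 28);   /* the count from the report */

    line_result v = read_line_vulnerable(keys);
    line_result h = read_line_hardened(keys);

    printf("defect:   cur_len=%u oob=%d\n", v.cur_len, v.oob);
    printf("hardened: cur_len=%u oob=%d\n", h.cur_len, h.oob);
    return 0;
}
```

Ordinary editing (type, backspace, retype) behaves identically in both variants; only the empty-buffer backspace differs, which is why the defect survived normal use and is a good regression-test case for any input loop with an unsigned cursor.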

Perspective. Who has the weakest security?
Sounds like a project for my Ethical Hacking class!

It seems like all retail giants are eager to offer customers new ways to pay with a smartphone. First it was the disruptive Apple Pay, which was joined by others including Samsung Pay, Android Pay and the recently launched Walmart Pay. Now lobbying its way in is Target Corporation.

… sources mentioned that the country's fourth
largest retail chain has already undertaken certain decisions,
including which financial institutions and credit card companies to
partner with. Also, the company’s management is inclined to
process transactions through scanning technology, using the QR code
to establish communication with payment terminals, just as Wal-Mart
and Starbucks do. The company will eventually integrate the mobile
payment platform, with its existing mobile shopping app.

(Related) Perspective. Has anyone tried to
collect Best Practices for Apps?

Companies are coming up with all kinds of new ways
to use mobile apps, from customer
service to an intranet
alternative. So it is no surprise that many businesses use at
least a dozen mobile apps. In a report
published today, Apperian, a provider of mobile application
management software, found that the mean number of apps across its
customers is nearly 35 while the median number is 13.

Interestingly, however, Apperian found that the
number of mobile apps deployed is not a leading indicator of an
organization's success with mobile apps. It is more important to
have mobile apps that support business processes aligned with
strategic initiatives, according to Apperian, which also found that
companies tend to deploy mobile apps meant for specific business
functions rather than mobile apps used by entire workforces.

Earlier today, the US House of Representatives
passed a 2,000-page omnibus budget bill that contains
the entirety of the controversial Cybersecurity Information
Sharing Act. Just moments ago, the Senate passed
it too.

… Update: As expected,
President Obama has just signed the bill, enacting both the $1.1
trillion budget and CISA.

… Microsoft
Office creates and maintains a metadata file attached to your
document. Each time you send it, your details are passed forward to
the recipient, and anybody else that document moves forward to. This
is okay in certain situations, but at other times it can be handy to
clean your documents of any personal data before releasing them into
the wild.

… The
Document Inspector is an amalgam of all of the different
inspector services available to Microsoft Office. Their main
functions are to locate and remove any additional data from your
documents. Before using the Document Inspector, save
your current document.

I find it difficult to believe that Directors
would be unsatisfied with the information they receive (on any
subject) for long.

… The
legislation asks each publicly traded company to disclose information
to investors on whether any member of the company’s Board of
Directors is a cybersecurity expert, and if not, why having this
expertise on the Board of Directors is not necessary because of other
cybersecurity steps taken by the publicly traded company.

… A
study released earlier this year from the Ponemon Institute found
that 78 percent of the more than 1,000 CIOs, CISOs and senior IT
leaders surveyed had not
briefed their board of directors on cybersecurity in the last 12
months. In addition, 66 percent said they don't believe senior
leaders in their organization consider security a strategic priority.

A separate survey published in January by the National Association of Corporate Directors (NCD) found that more than half (52 percent) of the 1,013 corporate directors surveyed were not satisfied with the amount of information they were receiving about cyber-security. In addition, 36 percent said they were unsatisfied with the quality of that information.

If you never ask yourself the question, you don't
have an answer when someone else asks. AKA: “We don't need no
stinking privacy!”

FAA Finally Admits Names And Home Addresses In Drone Registry Will Be Publicly Available

The FAA finally confirmed this afternoon that
model aircraft registrants’ names and home addresses will be
public. In an email message, the FAA stated: “Until the drone
registry system is modified, the FAA will not release names and
address. When the drone registry system is modified to permit public
searches of registration numbers, names and addresses will be
revealed through those searches.”

The NFL bit could be interesting. If many
companies grab content that requires specific (proprietary) Apps to
access, we'll need a new kind of TV guide – powered by Watson!

… Is Apple really going to go after Thursday
Night Football? Reports came in this week that the NFL has reached
out to Apple for a potential bid, along with Amazon, Google, Yahoo,
and the more traditional broadcast partners. It’s
an idea championed by Forbes’ Eric Jackson, who believes a bid
from Apple of $4 billion over five years would bring in $24 billion
in profits:

The extra sales of Apple TVs, content via iTunes that people would
then buy on their Apple TVs, plus incremental iPhone sales would all
be new iOS ecosystem sales not currently factored in by Wall Street
analysts in their current price targets for the Apple stock price.

Therefore, they would have to model in all this additional revenue
which would be prompted by large numbers of Americans and those
internationally who love their NFL migrating to Apple to be able to
stream the games on their Apple TV hockey pucks.

The Wall Street analysts would have to take their best guess of
future profits flowing to Apple from this move (which I have argued
is $24 billion) and multiply that number by the current forward
price-to-earnings multiple which Apple has (which is 11x).

Furor over Arabic assignment leads Virginia school district to close Friday

A Virginia county closed all of its schools Friday
because of intense backlash over a class assignment about Islam, with
some parents alleging that their children were being subjected to
Muslim indoctrination and educators emphasizing the importance of
exposing U.S. students to the world’s fastest-growing religion.

A high school geography teacher in rural Augusta
County asked students to try their hand at writing the shahada, an
Islamic declaration of faith, in Arabic calligraphy. The task,
community reaction to it, and a sudden influx of outrage from around
the country — including angry emails, phone calls and threats to
put the teacher’s head on a stake — led the school district to
close rather than risk disruption or violence.

… The shahada translates to: “There is no
god but God. Muhammad is the messenger of Allah.” Some
translations start with: “There is no god but Allah.” [Nothing
about ISIS at all? Bob]

Something to illustrate why my Data Management
students need Data Management. ('cause it never hurts to keep
pounding home the benefits of a good education!)

Microsoft has furthered its pursuit of enterprise
analytics with the
acquisition of Metanautix, a company that makes it possible for
businesses to pull together all their data and gain insights into it.

Metanautix's product can pull information in from
a variety of private and public cloud data sources including
traditional data warehouses, NoSQL databases like Cassandra and
business systems like Salesforce. Once it's aggregated, businesses
can use SQL to query the resulting data pipeline in order to glean
insights from the information.

Perhaps I can have the university buy me some of
this – for my students of course.

“The
Intercept has obtained a secret, internal U.S. government
catalogue
of dozens of cellphone surveillance devices used by the military and
by intelligence agencies. The document, thick with previously
undisclosed information, also offers rare insight into the spying
capabilities of federal law enforcement and local police inside the
United States. The catalogue includes details on the Stingray,
a well-known brand of surveillance gear, as well as Boeing “dirt
boxes” and dozens of more obscure devices that can be mounted on
vehicles, drones, and piloted aircraft. Some are designed to be used
at static locations, while others can be discreetly carried by an
individual. They have names like Cyberhawk, Yellowstone, Blackfin,
Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is
listed as the vendor of one device, while another was developed for
use by the CIA, and another was developed for a special forces
requirement. Nearly a third of the entries focus on equipment that
seems to have never been described in public before…”

Just because it's cool (and local). You can see a long way if you're high enough.

… In the late morning, as it passed over the
Pacific, it turned back and looked at the continent to the east.
Gazing over Los Angeles; the Mojave desert; the Grand Canyon; and the
southern tip of Utah, it captured an image of Colorado.

… From
the Indy Star: "Scores on thousands of student exams could
be incorrect because of a computer malfunction that inadvertently
changed grades on Indiana's high-stakes ISTEP test, according to
scoring supervisors familiar with the glitch."

Officials with the Democratic National Committee
have accused the presidential campaign of Sen. Bernie Sanders of
improperly accessing
confidential voter information gathered by the rival campaign of
Hillary Clinton, according to several party officials.

Jeff Weaver, the Vermont senator’s campaign
manager, acknowledged that a low-level staffer had viewed the
information but blamed a
software vendor hired by the DNC for a glitch that allowed access.
Weaver said one Sanders staffer was fired over the incident.

The discovery sparked alarm at the DNC, which
promptly shut off the Sanders campaign’s access to the
strategically crucial
list of likely Democratic voters.

… NGP VAN, the vendor that handles the master
file, said the incident occurred Wednesday while a patch was being
applied to the software. The
process briefly opened a window into proprietary information from
other campaigns, said the company’s chief, Stu
Trevelyan.

… “Sadly, the DNC is relying on an
incompetent vendor who on more
than one occasion has dropped the firewall between the
various Democratic candidates’ data,” he said.

… Sure, she’s almost certainly going to win the nomination. But if I were running the Clinton campaign, I’d still be a little nervous. Clinton’s lead in Iowa isn’t safe; Bernie Sanders could win the caucuses. And with expectations for her as high as they are, a Clinton loss in Iowa (or even an underwhelming win) would cause her campaign a lot of heartache.

Another indication that the card readers (or
payment processors) are being tapped?

Industry sources told this author that the problem
appears to have started in May 2015 and may still be impacting some
Landry’s locations.

… Restaurants are a prime target for credit
card thieves, mainly because they traditionally have not placed a
huge emphasis on securing their payment systems. The attackers
typically exploit security vulnerabilities or weaknesses in
point-of-sale devices to install malicious software that steals
credit and debit card data.

Sources at multiple financial
institutions say they are tracking a pattern of fraud indicating that
thieves have somehow compromised the credit card terminals at
checkout lanes within multiple Safeway stores in California and
Colorado. Safeway confirmed
it is investigating skimming incidents at several stores.

Wearables are atop gift
lists this year as Fitbit continues to grow and Apple
is expected to sell six million Watches in the next month alone.
Wearable-renting company Lumoid
says it receives at least
one new wearable device each week saying they “sometimes
can’t keep up, especially now with the holiday season coming up.”

There are more wearables on the market than ever
before but experts like Good Technology’s John Herrema say
manufacturers aren’t prepared to keep such a massive scale of users
secure.

This sort of collection is nothing new. Many law
enforcement agencies act under the belief that location
information is just another business record, subject to fewer
restrictions and a lower level of privacy protections. Generally
speaking, courts have found the acquisition of historical cell
site location data without a warrant to have minimal impact on Fourth
Amendment protections. Using this information as a
tracking device, however, has generated plenty
of friction in the judicial system, something that probably won't
be resolved until the Supreme Court tackles it.

The US Federal Trade Commission said its
settlement with LifeLock came after the
company failed to comply with a 2010 federal court order
requiring it to secure consumers' personal information and
prohibiting deceptive advertising.

It is the largest monetary award obtained by the
commission in an order enforcement action, the FTC said.

"This settlement demonstrates the
Commission's commitment to enforcing the orders it has in place
against companies, including orders requiring reasonable security for
consumer data," said FTC Chairwoman Edith Ramirez.

… A
company statement Thursday said the settlement would "enable
LifeLock to move forward with a singular focus on protecting our
members from threats to their identity."

It
said the allegations by the FTC related to ads and practices that
have been discontinued.

"There
is no evidence that LifeLock has ever had any of its customers' data
stolen, and the FTC did not allege otherwise," the statement
said.

A Brazilian court dealt a legal victory Thursday
to the popular app WhatsApp, hours after another judge suspended the
messaging tool.

In the second ruling, the court found that it was
unreasonable to cut off access to the app for tens of millions of
people because the company failed to comply with a court order.
Agence France-Presse said the service was working again in the
country.

Internet provider Cox Communications is
responsible for the copyright infringements of its subscribers, a
Virginia federal jury has ruled. The ISP is guilty of willful
contributory copyright infringement and must pay music publisher BMG
$25 million in damages.

Today marks the end of a crucial
case that will define how U.S. Internet providers deal with
online piracy in the future.

The case was initiated by BMG Rights Management,
which held the ISP responsible for tens of thousands of copyright
infringements that were committed by its subscribers.

During the trial hearings BMG revealed that the
tracking company Rightscorp downloaded more than 150,000 copies of
their copyrighted works directly from Cox subscribers.

It also
became apparent that Cox had received numerous copyright infringement
warnings from Rightscorp which it willingly decided not to act on.

… A week before the trial started Judge
O’Grady issued
an order declaring that Cox
was not entitled to DMCA safe-harbor protections, as the
company failed to terminate the accounts of repeat infringers.

BMG also argued that the ISP willingly profited
from pirating subscribers, but the jury found that there was not
enough evidence to back this up.

The verdict is bound to cause grave concern among
various other U.S. Internet providers. At the moment it’s rare for
ISPs to disconnect pirating users and this case is likely to change
that position.

Perspective. Gee, the TV Ads make it sound so
much faster. Reality: The US isn't in the top 10.

Akamai: Global average Internet speed grew 14% to 5.1 Mbps, only 5.2% of users have broadband

Global average connection speeds rose 14 percent
year over year to 5.1 Mbps in Q3 2015. Unfortunately, just over 5
percent of users now have broadband speeds of at least 25.0 Mbps.
The latest figures come from Akamai,
which today published its quarterly State
of the Internet Report for Q3 2015.

Obey the law, become a victim? Should we program
them to break the law when they think they can get away with it?
With some simple analysis (which may already exist) we will know when
humans are likely to “cheat” and just add that to their software.

The self-driving car, that cutting-edge creation
that’s supposed to lead to a world without accidents, is achieving
the exact opposite right now: The vehicles have racked up a crash
rate double that of those with human drivers.

The glitch?

They obey the law all the time, as in, without
exception.

… “It’s a constant debate inside our
group,” said Raj Rajkumar, co-director of the General
Motors-Carnegie Mellon Autonomous Driving Collaborative Research Lab
in Pittsburgh. “And we have basically decided to stick to the
speed limit. But when you go out and drive the speed limit on the
highway, pretty much everybody on the road is just zipping past you.
And I would be one of those people.”

A former top aide to Hillary Clinton appeared to
joke with reporters that he wanted to avoid open records laws, years
before his and other Clinton aides’ use of private email accounts
became an issue for her presidential campaign.

“I want to avoid FOIA,” Philippe Reines,
Clinton’s combative former adviser, wrote in
an email to journalists Mark Halperin and John Heilemann in
February 2009, referring to the Freedom of Information Act.

The message was apparently sent before Reines took
a job at the State Department and is being dismissed by his lawyers
as a joke.

Yet critics of Clinton are likely to view it more
seriously, given long concerns that the use of personal email
accounts by Reines, Clinton and other top officials not only skirted
government recordkeeping laws but may have jeopardized national
security.

US Defense Secretary Ashton Carter acknowledged
Thursday making a "mistake" when he used his personal email
for government business in the early part of his tenure, triggering
concerns hackers could access sensitive information.

Interesting App, but my wife, the “power
shopper” has “Buy now, have husband pay later” as her operative
philosophy.

Pinterest has a new way to entice users to come
back and buy things: keeping tabs on the price.

That comes in the form today of a new tool that
helps Pinterest users monitor price drops on products they’ve
pinned. When users save pins, they’ll get a heads up when a price
drops in the form of an in-app notification and an email. They can
then jump straight to that pin and make the purchase.

… In the end, this is likely about
getting Pinterest users to come back and buy products on Pinterest.
Though the company might not treat commerce as a strong monetization
channel just yet alongside its advertising business, it helps get
users to come back to Pinterest over and over again. That, in
general makes the service
more sticky — giving it an opportunity to better
monetize its user base.

Shelfie
is a neat Android and iOS app that can help you find audiobook and
ebook versions of your favorite books. To use Shelfie simply take a
picture of a book and the app will search for an ebook or audiobook
version of a book. Some of the ebooks and audiobooks that the app
locates are free and others require a purchase. The app also allows
you to create a shelf of your books.

The House is pressing the Obama administration to
articulate a broad strategy to thwart terrorists' use of social
media.

The lower chamber by voice vote approved the
Combat Terrorist Use of Social Media Act on Wednesday, which would
commission a number of reports on the subject and require Obama to
follow through on a commitment to present a broad strategy.

FBI director: San Bernardino shooters never expressed public support for jihad on social media

James Comey, the FBI director, said on Wednesday
that there remained no evidence the couple who massacred 14 people in
San Bernardino, California, on December 2 were part of an organized
cell or had any contact with overseas militant groups.

Syed Rizwan Farook, 28, and Tashfeen Malik, 29,
expressed support for "jihad and martyrdom" in private
communications but never did so publicly on social media, Comey said
at a news conference in New York City.

Driverless cars are legal as long as they have a driver. Way to go California!

A Brazilian state judge ordered the suspension of
Facebook Inc.’s WhatsApp throughout Brazil for 48 hours early
Thursday, disrupting the lives of tens of millions of Brazilians who
use the messaging service.

A local judge in São Paulo state ordered the
block after WhatsApp refused to cooperate with a criminal
investigation, the court said in a statement. The court said that
the decision was made amid a criminal procedure, but didn't
provide more details, saying the case is under seal.

WhatsApp is hugely popular in Brazil, where
roughly half of the country’s 200 million people use its free text
and voice messaging functions regularly. Many poorer Brazilians
depend exclusively on WhatsApp for their day-to-day communications.

… Local telecoms companies have been
complaining for months that WhatsApp, particularly its free voice
messaging service, is illegal. But the speed with which the block
took place, and the lack of pushback from telecoms companies, came as
a surprise to many here. Similar efforts to block WhatsApp and other
services in the past have been rejected by higher courts before they
could be enforced.

… WhatsApp competitors wasted little time in
taking advantage of their rivals’ outage. Messaging service
Telegram said early Thursday that more than 1.5 million Brazilians
had downloaded its app since WhatsApp went offline.

Free isn't always free. And feedback from
citizens may be drafted by Mark Zuckerberg.

Facebook is calling on Indian users to send
an email to the Telecom Regulatory Authority of India (TRAI),
asking the government agency to support its Free
Basics program. The campaign, which shows up
when users sign onto the social media platform and includes a
pre-filled form so they don’t even have to write an email, has
already proven controversial, with opponents saying its message
undermines net neutrality in India.

Microsoft Corp. disclosed new details of a plan to work with a Chinese partner to accelerate adoption of the Windows 10 operating system introduced last summer.

The company late Wednesday said it will set up a
jointly owned entity with China Electronics Technology Group Corp.,
or CETC, a state-owned company that provides technology for Chinese
military and civilian use. The venture will extend a relationship
announced with CETC in September, Microsoft said.

That venture, tentatively called C&M Information Technologies, will be based in Beijing and will license, deploy, manage and provide technical support for Windows 10 for government agencies and government-owned institutions, said Yusuf Mehdi, a corporate vice president in Microsoft’s Windows and devices group, in a blog post released to coincide with a news conference in Beijing.

PROFESSOR LESSIG FROM HARVARD LAW SCHOOL PROVIDES EXPERT OPINION IN THE KIM DOTCOM EXTRADITION CASE

In submissions filed on September 16, 2015 by the
Kim Dotcom legal team in District Court in New Zealand, Professor
Lawrence Lessig, from Harvard Law School, provided his expert legal
opinion on the United States Department of Justice's (DOJ) criminal
allegations in the extradition record against Kim Dotcom and the
others. Below are quoted excerpts from Professor Lessig's opinion.

… Earlier this year, the accounting firm
Pricewaterhouse Coopers announced
that the company will offer to help
associate-level employees (who make up 45 percent of PwC’s 46,000
U.S. employees) out with their student-loan debt starting
mid-2016. PwC will contribute about $100 a
month towards an employee’s student-loan principal for up to six
years, for a total payout of $7,200. Since paying off loan principal
will reduce interest, the company estimates that the benefit is
actually worth up to $10,000.

Interesting. Let's hope they can analyze more areas and at a more granular level. (e.g. What works best for programmers in Centennial vs. Denver.)

… “We had this premise that word processing in text hadn’t been disrupted in a while, from command line to GUI,” CEO Kieran Snyder said.

… Textio’s first tool looks at talent
acquisition documents — like job postings — to determine how well
they will perform among candidates. Certain words and layouts
attract more candidates than others, Snyder found, and those
predictive analytics are baked into the service. For example, Textio
shows that job postings with bullet points tend to perform better
than job postings without them.

… Textio recognizes more than 60,000 phrases
with its predictive technology, Snyder said, and that data set is
changing constantly as it continues to operate. It looks at how
words are put together — such as how verb dense a phrase is — and
at other syntax-related properties the document may have. All that
put together results in a score for the document, based on how likely
it is to succeed in whatever the writer set out to do.

Pew
Research Center Study: “About half of American adults (49%)
“ever play video games on a computer, TV, game console, or portable
device like a cellphone,” and 10% consider themselves to be
“gamers.” A majority of American adults (60%) believe that most
people who play video games are men – a view that is shared by 57%
of women who themselves play video games. But the data illustrates
that in some ways this assumption is wrong: A nearly identical share
of men and women report ever playing video games (50% of men and 48%
of women). However, men are more than twice as likely as women to
call themselves “gamers” (15% vs. 6%). And among those ages 18
to 29, 33% of men say the term “gamer” describes them well, more
than three times the proportion of young women (9%) who say the
same…”

According to researchers from security
firm Avast, the database storing the names, e-mail addresses, home
addresses, phone numbers, and wish lists of Target customers is
available to anyone who figures out the app’s publicly available
programming interface.

To our surprise, we discovered that the Target app’s Application Program Interface (API) is easily accessible over the Internet. An API is a set of conditions where if you ask a question it sends the answer. Also, the Target API does not require any authentication. The only thing you need in order to parse all of the data automatically is to figure out how the user ID is generated. Once you have that figured out, all the data is served to you on a silver platter in a JSON file.

Facebook, Google and Twitter have agreed a deal
with Germany under which they will remove hate speech posted on their
websites within 24 hours.

German Justice Minister Heiko Maas said the
measures would ensure German law was applied online.

Social media cannot "become a funfair for the
far right," he said.

The agreement follows reports
of a rise [Rather
vague. “Yeah, I read all about it in some Blog. They said they
found more racist articles now that they can read.” Bob]
in online racism in Germany as the country manages an influx of up to
one million migrants and refugees in 2015.

… They would assess complaints using the
benchmark of German law "and no longer just the terms of use of
each network", he said.

"When the limits of free speech are
trespassed, when it is about criminal expressions, sedition,
incitement to carry out criminal offences that threaten people, such
content has to be deleted from the net," Mr Maas said.

… The company on Tuesday announced the opening
of a new global headquarters and research lab in Munich for a
division that will build Watson-based applications for Web-connected
devices. The facility and eight other global centers are part of a
$3 billion investment in the unit set out in March by Armonk, New
York-based International Business Machines Corp.

Looks like Heartland has recovered from the 2008
breach (~100 million cards)

… “The combination of Global Payments and
Heartland will be transformative for the worldwide payments
industry,” Robert O. Carr, chief executive officer of Princeton,
New Jersey-based Heartland, said in the statement.

As consumers replace cash and checks with
electronic payments including credit cards and mobile phones,
companies that process transactions are rushing to consolidate.
Established firms are scooping up smaller competitors and merging
with companies abroad, repositioning themselves as technology for
handling transactions evolves.

… Global Payments had about 2.9 percent of the
global transactions processing market in 2014, while Heartland had
about 2.1 percent, according to the Nilson Report, an industry trade
publication and data service.

The Securities and Exchange Commission has
approved a plan from online retailer Overstock.com to issue
company stock via the Internet, signaling a significant
shift in the way financial securities will be distributed and traded
in the years to come.

Over the past year, Overstock and its
freethinking CEO, Patrick Byrne, have developed technology for
issuing financial securities by way of the blockchain, the vast
online
ledger underpinning the bitcoin digital currency. The blockchain
is essentially an enormous database that runs across a global network
of independent computers. With bitcoin, this ledger tracks the
exchange of money. But it can also track the exchange of anything
else that holds value, including stocks, bonds, and other financial
securities. Overstock has already used
the blockchain to issue private bonds, which did not require
explicit regulatory approval. Now, the SEC has told the company it
can issue public securities in much the same way.

Interesting (to me anyway) how closely this
parallels what Prof. Soma has done for years at the Privacy
Foundation seminars.

… Make no bones about it – the defining
factor in deciding where you sit on the presentation landscape is
your audience. This might sound like I’m stating the blindingly
obvious, but the reality is that few presenters make this leap.
They’re too busy thinking about their slides, [Slides
are forbidden. Bob] their breathing, or their attire to
take a moment to ask themselves the simple question – how would the
audience like to be presented to? Once you recognize that the
audience is the most important stakeholder in the whole presentation
process, it makes it a whole lot easier for presenters to focus on
engaging with the people in front of whom they are standing.

Today, we have one of the coolest free eBook
offers we’ve ever had. We’re talking about four free Raspberry
Pi eBooks all in one awesome bundle! These books would normally
sell for over $90, but until 12/20, you can get all of them for free!

… To redeem your copy and download the free
eBook, just head over to this
page and sign up for a free account.

… Now, the European Union is on the
verge of implementing new laws that would see children under the age
of 16 banned from Facebook, Snapchat, Instagram and email, unless
they have parental permission. The new regulations would see the age
of consent for websites to use personal data rise from 13 to
16 years old.

Read more on The
Viral Thread. Not surprisingly, there’s a lot of opposition to
the proposal.

Not exactly hacking into Apple. More like
finding the results of phishing.

The makers of MacKeeper — a
much-maligned
software utility many consider to be little more than scareware
that targets Mac users — have acknowledged a breach that exposed
the usernames, passwords and other information on more than 13
million customers and, er…users. Perhaps more interestingly, the
guy who found and reported the breach doesn’t even own a Mac, and
discovered the data trove merely by browsing Shodan
— a specialized search engine that looks for and indexes
virtually anything that gets connected to the Internet.

IT helpdesk guy by day and security researcher by
night, 31-year-old Chris
Vickery said he unearthed the 21
GB trove of MacKeeper user data after spending a few bored
moments searching for database servers that require no authentication
and are open to external connections.
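The condition Vickery searched for, a database server that answers external connections and asks for no credentials, is something you can check on your own hosts before Shodan does. The following is an added example, not code from Krebs' article or from Vickery: a small audit of a mongod.conf that flags a non-loopback bind address combined with authorization left disabled. It reads the YAML-style file and the older "key = value" style; the default-bind assumption and the three sample configs are constructed for the demo.

```python
"""Added example, not from the Krebs article or Chris Vickery's tooling: an
audit of mongod.conf that flags the exact condition in the story, a server
listening on a non-loopback address with authorization disabled.
The sample configs are constructed; the default-bind value is an assumption."""
from typing import Dict, List

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_mongod_conf(text: str) -> Dict[str, str]:
    """Flatten a mongod.conf into dotted keys, e.g. {"net.bindIp": "0.0.0.0"}.
    An indentation stack tracks nested YAML sections; legacy "key = value"
    lines are mapped onto the YAML names. Quoted strings and YAML lists are
    not handled, which is enough for the network and security settings."""
    settings: Dict[str, str] = {}
    stack: List[tuple] = []          # (indent, key) of the open YAML sections
    legacy = {"bind_ip": "net.bindIp", "auth": "security.authorization"}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if "=" in line and ":" not in line:            # legacy ini style
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if key == "auth":
                value = "enabled" if value.lower() == "true" else "disabled"
            settings[legacy.get(key, key)] = value
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if value == "":
            stack.append((indent, key))
        else:
            settings[".".join([k for _, k in stack] + [key])] = value
    return settings

def audit_mongod_conf(text: str) -> List[str]:
    """Return findings; an empty list means no exposure was detected."""
    s = parse_mongod_conf(text)
    findings = []
    # Assumption: the MongoDB 3.x behaviour when bindIp is absent, which was
    # to bind all interfaces (the default changed to localhost only in 3.6).
    bind = s.get("net.bindIp", "0.0.0.0")
    external = [a.strip() for a in bind.split(",") if a.strip() not in LOOPBACK]
    if external:
        findings.append("listens on non-loopback address(es): " + ", ".join(external))
    if s.get("security.authorization", "disabled") != "enabled":
        findings.append("authorization disabled: any client that can connect "
                        "can read every collection")
    if len(findings) == 2:
        findings.append("CRITICAL: reachable from the network with no "
                        "authentication (the Shodan case)")
    return findings

# Constructed sample configs.
EXPOSED_CONF = """# constructed sample: the way the MacKeeper server was found
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED_CONF = """# constructed sample: loopback only, auth on
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,::1
security:
  authorization: enabled
"""
LEGACY_CONF = """# constructed sample, pre-2.6 ini style
bind_ip = 10.0.0.5
auth = true
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF),
                       ("legacy", LEGACY_CONF)):
        print(name, "->", audit_mongod_conf(conf) or ["ok"])
```

The third sample shows the half-fixed case: authentication is on, but the server is still bound to a routable address, so it stays reachable for credential guessing and for whatever the next auth bypass turns out to be. A firewall rule in front of port 27017 is the usual second layer; this script only looks at the daemon's own configuration.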

A lot of my students will be facilitating and (I
hope) securing the BYOD world.

… "The corporate intranet in a mobile
environment is lousy. How do you make it work with a two-and-a-half
by 4-inch screen," said Jeff Corbin, founder and CEO of APPrise
Mobile, provider of an application development platform that can be
used to create native, mobile communications apps for employees,
investors and conference attendees, among other audiences.

So you are a health professional or
knowledgeable consumer and think you understand the issues
surrounding privacy and exchange of personal health information? So
did I, until I recently became a patient and had the temerity (or is
that foolishness and patience?) to actually read the consent when I
went to the outpatient surgical center for a cancer screening
procedure.

And what I read was — to say the least
— disturbing. When it came to sharing my health information, there
were no middle options: either it could be shared with other
exchanges, vendors, consultants, and others nationwide, or I wouldn’t
be able to get access when I really needed it — especially in an
emergency situation.

“Today we can declare victory and
voluntarily dismiss our case,” Human Rights Watch senior
coordinator Henry Peck said in a statement, adding that while bulk
collection still continues overseas “we can celebrate a small
victory for transparency and legality today, and hope for further
victories to come.”

Immigration
officials prohibited from looking at visa applicants' social media

Homeland Security Secretary Jeh Johnson decided
against ending a secret U.S. policy that prohibits immigration
officials from reviewing social media posts of foreigners applying
for U.S. visas, according to a report by ABC
News.

Johnson decided to keep the prohibition in place
in early 2014 because he feared a civil liberties backlash and “bad
public relations,” according to ABC.

… A DHS spokesman told ABC News that in the
fall of 2014 after Cohen left, the department began three pilot
programs to include social media in vetting, but officials say it's
still not a widespread policy and a review is underway.

A draft regulation only 211 pages long? They're
not taking this seriously.

The U.S. Department of Transportation’s Federal
Aviation Administration (FAA) today announced a streamlined and
user-friendly web-based aircraft registration process for owners of
small unmanned aircraft (UAS) weighing
more than 0.55 pounds (250 grams) and less than 55 pounds
(approx. 25 kilograms) including
payloads such as on-board cameras.

… Registrants will need to provide their name,
home address and e-mail address. Upon completion of the registration
process, the web application will generate a Certificate of Aircraft
Registration/Proof of Ownership that will include a
unique identification number for the UAS owner, which must be marked
on the aircraft. [Those
numbers will be for sale on the Dark Net shortly. Bob]

… The Washington, D.C.-based Competitive
Enterprise Institute said Monday the FAA violated federal
requirements for allowing public comments on the drone registration
proposal, which usually lasts for a period of 30 to 60 days.

… One of the only insurance policies designed
to cover hobbyist drone pilots comes from membership in the Academy
of Model Aeronautics, which charges adults $75 per year. All the
group's 185,000 members enjoy $2.5 million in personal liability
coverage from Westchester Surplus Lines Insurance, part of ACE Group,
and $25,000 medical coverage.

“Most of the claims we have are small claims,”
says Rich Hanson, the AMA’s director of government relations. The
most common case involves an out-of-control drone flying into a car.
The AMA declined to reveal how many claims on average are filed per
year.

Homeowner policies at Allstate, one of the largest
property insurers, will cover damage if a policyholder crashes a
drone and damages someone else’s property. But a “first-party
claim”—damage you do to your own home—isn’t covered, says
Allstate spokesman Justin Herndon.

The RIAA has scored another win in a prominent
piracy lawsuit. The music group has prevailed in its case against
the 'reincarnation' of the defunct Grooveshark music service, with a
New York federal court granting more than $13 million in piracy
damages plus another $4 million for willful counterfeiting.

Last May, Grooveshark shut
down after settling with the RIAA. However, within days a
“clone” was launched
aiming to take its place.

It seems that the IoT wars are finally heating up
and Philips may have just fired the opening shot. The company has
just rolled out a firmware update to its Hue brand of
network-connected smart bulbs and one of, if not the, most significant
thing it does is to cut off connectivity with third party bulbs,
which is to say smart bulbs from its rivals like GE. This will, at
least for the time being, probably dash the hopes of some to have an
interconnected smart home, or at least smart lighting, with IoT
devices from different and competing brands.

Technically, Philips Hue
bulbs speak the language of Zigbee, a wireless communications
protocol that many devices, including some routers and remote
controls, support. The purpose of such standards is to actually make
devices talk to one another. At least in an ideal world. Philips,
however, would prefer not to be so communicative.

“NISO [National Information Standards
Organization] has published a
set of consensus principles for the library, content-provider and
software-provider communities to address privacy issues related to
the use of library and library-related systems. This set of
principles, developed over the past 8 months, focuses on balancing the
expectations library users have regarding their intellectual freedoms
and their privacy with the operational needs of systems providers.
The NISO
Privacy Principles set forth a core set of guidelines by which
libraries, systems providers and publishers can foster respect for
patron privacy throughout their operations. The Principles outline
at a high level basic concepts and areas which need to be addressed
to support a greater understanding for and respect of privacy-related
concerns in systems development, deployment, and user interactions.
The twelve principles
covered in the document address the following topics: Shared Privacy
Responsibilities; Transparency and Facilitating Privacy Awareness;
Security; Data Collection and Use; Anonymization; Options and
Informed Consent; Sharing Data with Others; Notification of Privacy
Policies and Practices; Supporting Anonymous Use; Access to One’s
Own User Data; Continuous Improvement and Accountability.”

Perspective. Mostly some trivial(?) examples, but
I see a trend here. Social media as ombudsman?

… The downgrade cited slower growth, higher
inventory, slowing demand
on the drone business and stagnating product growth. We
first heard about it on Twitter.

… But let's take a look at the valuation. Do
we think the company will be around in 10 or 15 years to be able to
deliver the future earnings that you are paying for at today's price?
Yes, we do. Also, the company has zero debt, and that leaves their
balance sheet open for leverage in case they want to consider things
like a stock buyback or taking on debt to acquire companies or
finance future operations.

From stuff.co.nz, news comes that the
Church of the Flying Spaghetti Monster is now
able to solemnize marriages. The registration was listed in the
NZ gazette
yesterday. The Registrar-General decided that the Church met the
criteria in New Zealand for solemnizing marriages, as per the
Marriage Act 1955, namely that the "principal object of the
organization was to uphold or promote religious beliefs,
philosophical or humanitarian convictions."

Something for my students to use. Congress asks
and these guys answer – then Congress ignores them.

“CRSReports.com
is a free web based repository of Congressional Research Service
(CRS) Reports. This digital library is dedicated to hosting an
extensive collection of CRS documents. All information provided by
CRSReports.com
is publicly available and can be accessed for free without sign-up or
registration. This growing collection of CRS reports is made freely
available to policy makers (including Hill staffers who, while off of
the Hill, may decide not to log in to the Capitol intranet) and other
users for purposes beneficial to our political system and the public…
CRSReports.com
hosts but does not author CRS documents. CRS documents are written
by the Congressional Research Service an information resource within
the US Library of Congress. CRS does not serve members of the public
directly; it focuses solely on assisting and informing Congress. CRS
serves the US federal legislative branch and in this manner
indirectly serves the public.”

CRSReports.com
– “The Internet’s largest free and public collection of
Congressional Research Service Reports.”

For my students. Slow my video to ¼ speed and
I'll still flunk you too fast to see! (The “F” is quicker than
the eye.)

… After expanding the gear settings symbol
with a click, you can disable annotations, change the video quality,
edit subtitles, or change the speed — yes, YouTube allows you to
play the video in normal time, sped up at 1.25x, 1.5x, or 2.0x speed,
or slowed down to 0.5x or 0.25x speed.

About Me

I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.